Skip to main content

This hacker site sold 24 million people’s data — until now

An underground illegal online marketplace that contained and sold sensitive information pertaining to individuals based out of the U.S. has been shut down.

SSNDOB, which saw people’s names, Social Security numbers, and dates of birth being collected and sold, has been successfully taken offline due to a joint operation from U.S. authorities and their counterparts in Cyprus.

A social security card in shrink-wrap paper.
Mike Kemp/Getty Images

As reported by Bleeping Computer, the marketplace itself wasn’t your run-of-the-mill operation — around 24 million individuals from the U.S. alone were affected by its illicit activity.

Recommended Videos

Due to the large scope of the operation, ​​three governmental departments collaborated in shutting down SSNDOB. The FBI, the Internal Revenue Service, and the Department of Justice were all involved.

Please enable Javascript to view this content

Additional assistance from Cyprus police was also a factor in the marketplace ceasing its operations.

The Department of Justice’s press release stated that more than $19 million in “sales revenue” was accumulated by the website’s owners.

A total of four domains that provided hosting services for the entire SSNDOB marketplace were seized, including “ssndob.ws,” “ssndob.vip,” “ssndob.club,” and “blackjob.biz.”

As for how the activities of the SSNDOB marketplace managed to go unchecked since 2015, Bleeping Computer highlights how the websites effectively evaded DDoS attacks and actions from law enforcement by supplying various mirror sites.

This practice is common amongst illegal websites such as torrent services and the like. The method makes it nearly impossible to target the core operation behind the websites as there’s always a new domain that can be accessed.

$0.50 to buy and use someone’s identity

The SSNDOB website landing page.
Image used with permission by copyright holder

As a result, SSNDOB saw threat actors being able to buy “social security numbers, dates of birth, and full info of people” predominantly through Bitcoin, which is largely an unregulated currency that has become commonplace amongst cybercriminals.

Personal information of U.S.-based residents was up for grabs for $0.50 in some cases. Dates of birth for individuals residing in the United Kingdom were also sold on the website.

According to cybersecurity firm Advanced Intel, which spoke with Bleeping Computer on the matter, a large portion of the stolen data was acquired via infiltrating healthcare and hospital systems and was subsequently utilized by cybercriminals to carry out financial fraud.

“SSNDOB was one of the largest crime shops offering a collection of personally identifiable information for fraudsters and played an integral part in fraud schemes The majority of the customers used the shop data for various types of scams from tax to bank fraud,” AdvIntel CEO Vitali Kremez told BleepingComputer.

“According to the few AdvIntel breach investigations, the criminals behind the shop specifically leveraged healthcare and hospital breach databases to source the supply of personal information for the fraudsters.”

Elsewhere, since April 2015, blockchain analysis company Chainalysis detailed how they discovered $22 million in Bitcoin transactions going directly to SSNDOB. Certain transfers equalled $100,000 in Bitcoin; Bleeping Computer aptly points out that this tidbit indicates how cybercriminals bought data in bulk.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Hacker steals 1 billion people’s records in unprecedented data breach
A depiction of a hacker breaking into a system via the use of code.

An anonymous hacker has stated that he has successfully infiltrated the Shanghai police department’s database. In doing so, he apparently extracted personal information of a staggering one billion Chinese citizens.

The individual, 'ChinaDan', took sole responsibility for the data breach. As reported by Reuters and PCMag, he detailed the incident on hacker forum Breach Forums.

Read more
Hackers targeted AMD to steal huge 450GB of top-secret data
A depiction of a hacker breaking into a system via the use of code.

A data extortion group known as RansomHouse has asserted that it has stolen upwards of 450GB of sensitive data from AMD.

Team Red has since confirmed that it launched an investigation into the matter after the situation came to light.

Read more
Windows PCs now works with the Quest 3, and I tried it out for myself
i tried windows new mixed reality link with my quest 3 alan truly sits in front of a pc and adjusts virtual screen while wear

Microsoft and Meta teamed up on a new feature that lets me use my Windows PC while wearing a Quest 3 or 3S, and it’s super easy to connect and use. I simply glance at my computer and tap a floating button to use Windows in VR on large displays only I can see.

Meta’s new Quest 3 and 3S are among the best VR headsets for standalone gaming and media consumption. When I want more performance or need to run one of the best Windows apps that aren’t yet available in VR, I can connect to a much more powerful Windows PC.
Setting up Mixed Reality Link
Scanning Microsoft's Mixed Reality Link QR code with a Meta Quest 3 Photo by Tracey Truly / Digital Trends

Read more